From afbfd8da72159ff9b7f8395df3c517e452dac90d Mon Sep 17 00:00:00 2001
From: Assil Ksiksi
Date: Tue, 28 Nov 2023 19:49:36 -0500
Subject: [PATCH] add support for runtime and security_opt
---
 README.md | 16 ++++++++++++++++
 compose.go | 6 ++++++
 testdata/TestDocker_EnvFilesOnly_out.nix | 2 ++
 testdata/TestDocker_RemoveVolumes_out.nix | 2 ++
 testdata/TestDocker_SystemdMount_out.nix | 2 ++
 testdata/TestDocker_WithProject_out.nix | 2 ++
 testdata/TestDocker_out.nix | 2 ++
 testdata/TestPodman_WithProject_out.nix | 2 ++
 testdata/TestPodman_out.nix | 2 ++
 testdata/docker-compose.yml | 3 +++
 10 files changed, 39 insertions(+)
diff --git a/README.md b/README.md
index 4eb10c7..ddded49 100644
--- a/README.md
+++ b/README.md
@@ -106,6 +106,20 @@ Note: if the Compose service has a `container_name` set, then the systemd servic
 sudo systemctl restart podman-myproject-myservice.service
 ```
+#### Update a Container
+
+1. Pull the latest image:
+
+```
+podman pull image
+```
+
+2. Restart the service:
+
+```
+sudo systemctl restart podman-myproject-myservice.service
+```
+
 #### `docker compose down`
 By default, this will only remove networks.
@@ -190,6 +204,8 @@ If a feature is missing, please feel free to [create an issue](https://github.co
 | [`extra_hosts`](https://docs.docker.com/compose/compose-file/05-services/#extra_hosts) | ✅ |
 | [`sysctls`](https://docs.docker.com/compose/compose-file/05-services/#sysctls) | ✅ |
 | [`shm_size`](https://docs.docker.com/compose/compose-file/05-services/#shm_size) | ✅ |
+| [`runtime`](https://docs.docker.com/compose/compose-file/05-services/#runtime) | ✅ |
+| [`security_opt`](https://docs.docker.com/compose/compose-file/05-services/#security_opt) | ✅ |
 #### [`networks`](https://docs.docker.com/compose/compose-file/06-networks/)
diff --git a/compose.go b/compose.go
index 25bef87..ef5fbcf 100644
--- a/compose.go
+++ b/compose.go
@@ -358,6 +358,12 @@ func (g *Generator) buildNixContainer(service types.ServiceConfig) (*NixContaine
 for _, device := range service.Devices {
 c.ExtraOptions = append(c.ExtraOptions, "--device="+device)
 }
+ if service.Runtime != "" {
+ c.ExtraOptions = append(c.ExtraOptions, "--runtime="+service.Runtime)
+ }
+ for _, opt := range service.SecurityOpt {
+ c.ExtraOptions = append(c.ExtraOptions, "--security-opt="+opt)
+ }
 // https://docs.docker.com/compose/compose-file/05-services/#extra_hosts
 // https://docs.docker.com/engine/reference/commandline/run/#add-host
diff --git a/testdata/TestDocker_EnvFilesOnly_out.nix b/testdata/TestDocker_EnvFilesOnly_out.nix
index e4589c0..60c581a 100644
--- a/testdata/TestDocker_EnvFilesOnly_out.nix
+++ b/testdata/TestDocker_EnvFilesOnly_out.nix
@@ -237,6 +237,8 @@
 "--log-opt=max-file=3"
 "--log-opt=max-size=10m"
 "--network=container:sabnzbd"
+ "--runtime=nvidia"
+ "--security-opt=label=disable"
 ];
 };
 systemd.services."docker-traefik" = {
diff --git a/testdata/TestDocker_RemoveVolumes_out.nix b/testdata/TestDocker_RemoveVolumes_out.nix
index fc2e371..8e65105 100644
--- a/testdata/TestDocker_RemoveVolumes_out.nix
+++ b/testdata/TestDocker_RemoveVolumes_out.nix
@@ -263,6 +263,8 @@
 "--log-opt=max-file=3"
 "--log-opt=max-size=10m"
 "--network=container:sabnzbd"
+ "--runtime=nvidia"
+ "--security-opt=label=disable"
 ];
 };
 systemd.services."docker-traefik" = {
diff --git a/testdata/TestDocker_SystemdMount_out.nix b/testdata/TestDocker_SystemdMount_out.nix
index 2edaf90..b8a4dca 100644
--- a/testdata/TestDocker_SystemdMount_out.nix
+++ b/testdata/TestDocker_SystemdMount_out.nix
@@ -271,6 +271,8 @@
 "--log-opt=max-file=3"
 "--log-opt=max-size=10m"
 "--network=container:sabnzbd"
+ "--runtime=nvidia"
+ "--security-opt=label=disable"
 ];
 };
 systemd.services."docker-traefik" = {
diff --git a/testdata/TestDocker_WithProject_out.nix b/testdata/TestDocker_WithProject_out.nix
index dd8742b..7dd97d7 100644
--- a/testdata/TestDocker_WithProject_out.nix
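Review bot: The `security_opt` loop forwards every entry verbatim as `--security-opt=`, so values that switch confinement off (the fixture's `label=disable`, and equally `seccomp=unconfined` or `apparmor=unconfined`) reach the generated NixOS config with nothing that flags them to whoever reviews that output. A compose file is often third-party input, so I would document the pass-through above the loop, e.g. `// security_opt is forwarded unvalidated; entries may disable SELinux, AppArmor or seccomp confinement.`, next to the spec link `// https://docs.docker.com/compose/compose-file/05-services/#security_opt` in the style of the `extra_hosts` block below. The `--runtime` value is emitted for the Podman fixtures as well; Podman resolves the name against its own configured OCI runtimes, so a Docker-registered name such as `nvidia` may not resolve there and probably deserves a comment or a per-runtime check. buildNixContainer starts and ends outside the hunk.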
+++ b/testdata/TestDocker_WithProject_out.nix
@@ -263,6 +263,8 @@
 "--log-opt=max-file=3"
 "--log-opt=max-size=10m"
 "--network=container:sabnzbd"
+ "--runtime=nvidia"
+ "--security-opt=label=disable"
 ];
 };
 systemd.services."docker-traefik" = {
diff --git a/testdata/TestDocker_out.nix b/testdata/TestDocker_out.nix
index 271463b..e03aa56 100644
--- a/testdata/TestDocker_out.nix
+++ b/testdata/TestDocker_out.nix
@@ -258,6 +258,8 @@
 "--log-opt=max-file=3"
 "--log-opt=max-size=10m"
 "--network=container:sabnzbd"
+ "--runtime=nvidia"
+ "--security-opt=label=disable"
 ];
 };
 systemd.services."docker-traefik" = {
diff --git a/testdata/TestPodman_WithProject_out.nix b/testdata/TestPodman_WithProject_out.nix
index 5339c1e..67abf34 100644
--- a/testdata/TestPodman_WithProject_out.nix
+++ b/testdata/TestPodman_WithProject_out.nix
@@ -251,6 +251,8 @@
 "--log-opt=max-file=3"
 "--log-opt=max-size=10m"
 "--network=container:sabnzbd"
+ "--runtime=nvidia"
+ "--security-opt=label=disable"
 ];
 };
 systemd.services."podman-traefik" = {
diff --git a/testdata/TestPodman_out.nix b/testdata/TestPodman_out.nix
index 9102806..d46170d 100644
--- a/testdata/TestPodman_out.nix
+++ b/testdata/TestPodman_out.nix
@@ -246,6 +246,8 @@
 "--log-opt=max-file=3"
 "--log-opt=max-size=10m"
 "--network=container:sabnzbd"
+ "--runtime=nvidia"
+ "--security-opt=label=disable"
 ];
 };
 systemd.services."podman-traefik" = {
diff --git a/testdata/docker-compose.yml b/testdata/docker-compose.yml
index a6f2404..93e1b16 100644
--- a/testdata/docker-compose.yml
+++ b/testdata/docker-compose.yml
@@ -171,6 +171,9 @@ services:
 - "compose2nix.systemd.service.Restart=none"
 - "compose2nix.systemd.unit.AllowIsolate=true"
 network_mode: "container:sabnzbd"
+ runtime: nvidia
+ security_opt:
+ - label=disable
 logging:
 driver: "json-file"
 options: